
The Device

Keypad vulnerabilities
 

Each keypad has a defined layout and dimensions, so the user is forced to press keys that have a well-defined position in space. This can be a vulnerability, because to enter a code the user must press those known positions in space.

Safe vulnerabilities

A simple digital safe was chosen as a target to prove the body key-logger concept. To open the safe used in this work, a user is required to perform the following tasks:

  • Enter the numeric code, digit by digit, by pressing the numeric keys of the keypad. Upon each successful keystroke, the device makes a noticeable sound and lights an indicator to indicate a numeric keypress.

  • Press one of two “code entered” keys – either the “Enter” key or the “Key” key. Upon a successful keystroke, the device makes a noticeable sound and lights an indicator to indicate a successful or unsuccessful code entry.

  • Rotate and pull a handle to open the safe door (assuming the code entry was successful).

The vulnerabilities in the user-device interface:

  • Each key has a fixed position

  • Each key has a fixed function

  • Audio feedback indicates a successful key press

  • After entering a personal code, the user is forced to press either the “Enter” key or the “Key” key.

Body key-logger

The circuit designed comprises a line of optical time-of-flight sensors. When scanned periodically, the line of sensors creates a detection plane that is used to track the horizontal movement of the key-pressing finger in front of the keypad. The design assumes that the user presses each key with a single finger and that the remaining fingers are held in a fist which does not change from one key press to another. Two properties are read from each sensor: the measured distance to the user’s finger and the return signal rate.

The circuit also includes a microphone, which is sampled periodically to detect successful key press events. Other major components are an STM32F303K8T6 microcontroller, an ambient light sensor and an IR LED. The microcontroller executes the body key-logger software. To save battery power, it is assumed that the safe is not exposed to light when it is not in use (e.g. the safe is installed in a drawer or a closet). The ambient light sensor is used to detect a decrease in ambient light (keypad not in use) or an increase (keypad in use) and to set the power consumption mode of the key-logger accordingly. The IR LED is used to transmit the logged key presses to an external terminal, upon request, using IR light.

The key-logger device was designed to be disguised as a magnet or a sticker.

Demo
 
Late extraction
 
Data analysis
 
The general case

The body key-logger exploits the safe's audio feedback to detect keystrokes. To adapt the key-logger to any keypad, an algorithm may use the spatial halt of the finger during a keystroke to detect the keystroke event.
